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CLAIMS 

What is claimed is: 

1 . A method for providing computer network access, comprising: 

receiving a PPP session creation request from a client, said PPP session creation 
5 request including a control protocol frame encapsulated therein; 

obtaining user domain information associated with said PPP session creation 
request; 

setting up a Layer 2 tunnel according to a parameter contained in said control 
protocol frame; 

10 creating an ingress PPP object associated with an incoming PPP session, a host 

object associated with said client, and an egress PPP object associated with said Layer 2 
tunnel; 

creating an egress IP object based upon obtained user domain information, said 
egress IP object associated with IP-based forwarding; 
15 linking said ingress PPP object, said host object, and said egress PPP object, 

thereby forwarding data packets from a PPP session with said client over said Layer 2 
tunnel; and 

linking said host object and said egress IP object, thereby forwarding IP frames 
received from said client over a link other than said Layer 2 tunnel. 

20 

2. The method according to claim 1, wherein said setting up includes forwarding 
control protocol negotiations. 



25 



EL575422448US Docket No. CISCO-3041 

3. The method according to claim 1, further including: 

receiving an IP address through said Layer 2 tunnel, said IP address having been 
assigned to said client; and 

transferring said DP address to said client. 

5 

4. The method according to claim 1, wherein said user domain information is 
obtained from said PPP session creation request. 

5. The method according to claim 1, wherein said user domain information is 
10 obtained using a user profile. 

6. The method according to claim 1, wherein said user domain information is 
obtained from user identification information associated with a physical connection of 
said PPP session creation request. 

15 

7. The method according to claim 6, wherein said user domain information is 
obtained from a line number used by said client for transmitting said PPP session creation 
request. 

20 8. The method according to claim 1, wherein said user domain information is 

obtained from user identification information associated with a physical location of said 
client. 
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9. The method according to claim 1, farther comprising: 

maintaining a forwarding information base for said host object, said forwarding 
information base containing at least one association between a network address and either 
said ingress PPP object or said egress PPP object. 

5 

10. The method according to claim 9, wherein said forwarding information base 
includes a default link to said egress PPP object. 

1 1 . The method according to claim 9, wherein said forwarding information base is 
10 stored in the form of a hash table. 

12. The method according to claim 1, wherein said creating an ingress PPP object 
includes creating an access PPP object associated with a PPP connection to said client via 
a first interface. 

15 

13. The method according to claim 12, wherein said creating an egress PPP object 
includes: 

creating a first connection object containing a range of IP addresses; 
creating an aggregation PPP object associated with outgoing PPP frames; and 
20 creating a tunnel object associated with Layer 2 tunneling through a second 

interface. 
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14. The method according to claim 13, wherein said first connection object includes a 
list of network addresses. 



15. The method according to claim 13, wherein said creating an egress IP object 
5 includes: 

creating a second connection object containing a range of IP addresses; and 
creating a service object associated with IP frame forwarding through a third 
interface. 

10 16. The method according to claim 15, wherein said second connection object 
includes a list of network addresses. 

17. The method according to claim 15, further comprising maintaining a forwarding 
information base for said host object, said forwarding information base containing: 

15 an association between said access PPP object and an address of said client; and 

a default link to said aggregation PPP object. 

18. The method according to claim 17, wherein 

said creating said first connection object includes adding into said forwarding 
20 information base an association between said aggregation PPP object and a 
corresponding network address, and 
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said creating said second connection object includes adding into said forwarding 
information base an association between said service object and a corresponding network 
address. 



5 19. A network device for providing computer network access, said network device 
comprising: 

a first interface for receiving a PPP session creation request from a client, said 
PPP session creation request including a control protocol frame encapsulated therein; 

a second interface for forwarding data packets from a PPP session over a Layer 2 

10 tunnel; 

a third interface for forwarding IP frames over a link other than said Layer 2 

tunnel; 

a memory; and 

a processor coupled with said first interface, said second interface, said third 
15 interfaces, and said memory, said processor including: 

a domain information determiner for obtaining user domain 
information associated with said PPP session creation request; 

an object generator for creating objects in said memory, said object 
generator creating an ingress PPP object associated with an incoming PPP 
20 session, a host object associated with said client, an egress PPP object 

associated with Layer 2 tunneling through said second interface, and an 
egress IP object associated with IP-based forwarding through said third 
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interface, said egress IP object being created based upon obtained user 
domain information; 

a PPP session forwarder for setting up a Layer 2 tunnel according 
to a parameter contained in said control protocol frame, and for linking 
said ingress PPP object, said host object, and said egress PPP object, 
thereby forwarding data packets from a PPP session with said client over 
said Layer 2 tunnel; and 

an IP frame forwarder for linking said host object and said egress 
IP object, thereby forwarding IP frames received from said client over a 
link other than said Layer 2 tunnel. 

20. The network device according to claim 19, wherein said ingress PPP object 
includes an access PPP object associated with a PPP connection with said client via said 
first interface. 

21 . The network device according to claim 19, wherein said egress PPP object 
includes: 

a PPP session connection object containing a range of IP addresses; 

an aggregation PPP object associated with outgoing PPP frames; and 

a tunnel object associated with Layer 2 tunneling through said second interface. 

22. The apparatus according to claim 19, wherein said egress IP object includes: 
an IP frame connection object containing a range of IP addresses; and 
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a service object associated with IP frame forwarding through said third interface. 



23. The network device according to claim 19, wherein said PPP session forwarder 
forwards control protocol negotiations when setting up said Layer 2 tunnel. 

5 

24. The network device according to claim 19, wherein said PPP session forwarder 
includes: 

an IP address forwarder for receiving an IP address through said Layer 2 tunnel, 
said IP address having been assigned to said client, and for transferring said IP address to 
10 said client. 

25. The network device according to claim 19, wherein said domain information 
determiner obtains said user domain information from said PPP session creation request. 

15 26. The network device according to claim 19, wherein said domain information 
determiner obtains said user domain information using a service profile. 

27. The network device according to claim 19, wherein said domain information 
determiner obtains said user domain information from user identification information 
20 associated with a physical connection of said PPP session creation request. 
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28. The network device according to claim 27, wherein said domain information 
determiner obtains said user domain information from a line number used by said client 
for transmitting said PPP session creation request. 

5 29. The network device according to claim 19, wherein said domain information 
determiner obtains said user domain information from user identification information 
associated with a physical location of said client. 

30. The network device according to claim 19, further comprising: 

10 a forwarding information base provided for said host object, said forwarding 

information base containing at least one association between a network address and either 
said ingress PPP object or said egress PPP object. 

3 1 . The network device according to claim 30, wherein said forwarding information 
15 base includes a default link to said egress PPP object. 

32. The network device according to claim 30, wherein said forwarding information 
base is stored in the form of a hash table. 

20 33. An apparatus for providing computer network access, said apparatus comprising: 
a PPP session receiving interface; 
a PPP session Layer 2 tunneling interface; 
an IP frame forwarding interface; 
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a memory, said memory containing: 

an ingress PPP object associated with said PPP session receiving 
interface; 

a host object associated with a client requesting network access; 
5 an egress PPP object associated with said PPP session Layer 2 

tunneling interface; and 

an egress IP object associated with said IP frame forwarding 
interface; and 

a processor coupled with said PPP session receiving interface, said PPP session 
10 Layer 2 tunneling interface, said IP frame forwarding interface, and said memory, said 
processor including: 

a user domain information determiner; 

an object generator responsive to said user domain information 
determiner; 

15 a PPP session forwarder linking through said ingress PPP object, 

said host object, and said egress PPP object; and 

an IP frame forwarder linking through said host object and said 
egress IP object. 



20 34. An apparatus according to claim 33, further comprising: 

a forwarding information base associated with said host object, said forwarding 
information base containing at least one association between a network address and either 
said ingress PPP object or said egress PPP object. 
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35. The apparatus according to claim 34, wherein said forwarding information base is 
stored in the form of a hash table in said memory. 

5 36. The apparatus according to claim 34, wherein said forwarding information base 
includes a default link to said egress PPP object. 

37. The apparatus according to claim 36, wherein said forwarding information base 
further includes an association between said egress IP object and a corresponding 

10 network address. 

38. The apparatus according to claim 33, wherein said ingress PPP object includes an 
access PPP object associated with a PPP connection to said client via said PPP session 
receiving interface. 

15 

39. The apparatus according to claim 33, wherein said egress PPP object includes: 
a PPP session connection object containing a range of IP addresses; 

an aggregation PPP object associated with outgoing PPP frames; and 
a tunnel object associated with Layer 2 tunneling through said PPP session Layer 
20 2 tunneling interface. 

40. The apparatus according to claim 33, wherein said egress DP object includes: 
an IP frame connection object containing a second range of IP addresses; and 
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a service object associated with P frame forwarding through said IP frame 
forwarding interface. 



41. A system for providing computer network access, comprising: 

5 means for receiving a PPP session creation request from a client, said PPP session 

creation request including a control protocol frame encapsulated therein; 

means for obtaining user domain information associated with said PPP session 
creation request; 

means for setting up a Layer 2 tunnel according to a parameter contained in said 
10 control protocol frame; 

means for creating an ingress PPP object associated with an incoming PPP 
session, a host object associated with said client, an egress PPP object associated with 
said Layer 2 tunnel; 

means for creating an egress IP object based upon obtained user domain 
15 information, said egress IP object associated with IP-based forwarding; 

means for linking said ingress PPP object, said host object, and said egress PPP 
object, thereby forwarding data packets from a PPP session with said client over said 
Layer 2 tunnel; and 

means for linking said host object and said egress IP object, thereby forwarding IP 
20 frames received from said client over a link other than said Layer 2 tunnel. 

42. The system according to claim 41, wherein said means for setting up includes 
means for forwarding control protocol negotiations. 
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43. The system according to claim 41, further including: 

means for receiving an IP address through said Layer 2 tunnel, said IP address 
having been assigned to said client; and 
5 means for transferring said IP address to said client. 

44. The system according to claim 41, wherein said user domain information is 
obtained from said PPP session creation request. 

10 45. The system according to claim 41, wherein said user domain information is 
obtained using a user profile. 

46. The system according to claim 41, wherein said user domain information is 
obtained from user identification information associated with a physical connection of 

15 said PPP session creation request. 

47. The system according to claim 46, wherein said user domain information is 
obtained from a line number used by said client for transmitting said PPP session creation 
request. 

20 

48. The system according to claim 41, wherein said user domain information is 
obtained from user identification information associated with a physical location of said 
client. 
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49. The system according to claim 41, further comprising: 

means for maintaining a forwarding information base for said host object, said 
forwarding information base containing at least one association between a network 
5 address and either said ingress PPP object or said egress PPP object. 

50. The system according to claim 49, wherein said forwarding information base 
includes a default link to said egress PPP object. 

10 51. The system according to claim 49, wherein said forwarding information base is 
stored in the form of a hash table. 

52. The system according to claim 41, wherein said ingress PPP object includes an 
access PPP object associated with a PPP connection to said client via a first interface. 

15 

53. The system according to claim 52, wherein said egress PPP object includes: 
a first connection object containing a range of IP addresses; 

an aggregation PPP object associated with outgoing PPP frames; and 

a tunnel object associated with Layer 2 tunneling through a second interface, 

20 

54. The system according to claim 53, wherein said first connection object includes a 
list of network addresses. 
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55. The system according to claim 53, wherein said egress IP object includes: 
a second connection object containing a range of IP addresses; and 
a service object associated with TP frame forwarding through a third interface. 

5 56, The system according to claim 55, wherein said second connection object 
includes a list of network addresses. 

57. The system according to claim 55, further comprising means for maintaining a 
forwarding information base for said host object, said forwarding information base 

10 containing: 

an association between said access PPP object and an address of said client; and 
a default link to said aggregation PPP object. 

58. The system according to claim 57, wherein 

15 said means for creating said first connection object includes means for adding into 

said forwarding information base an association between said aggregation PPP object and 
a corresponding network address, and 

said means for creating said second connection object includes means for adding 
into said forwarding information base an association between said service object and a 

20 corresponding network address. 
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59. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform a system for providing computer 
network access, the system including: 

receiving a PPP session creation request from a client, said PPP session creation 
5 request including a control protocol frame encapsulated therein; 

obtaining user domain information associated with said PPP session creation 
request; 

setting up a Layer 2 tunnel according to a parameter contained in said control 
protocol frame; 

10 creating an ingress PPP object associated with an incoming PPP session, a host 

object associated with said client, and an egress PPP object associated with said Layer 2 
tunnel; 

creating an egress IP object based upon obtained user domain information, said 
egress IP object associated with IP-based forwarding; 
15 linking said ingress PPP object, said host object, and said egress PPP object, 

thereby forwarding data packets from a PPP session with said client over said Layer 2 
tunnel; and 

linking said host object and said egress DP object, thereby forwarding IP frames 
received from said client over a link other than said Layer 2 tunnel. 

20 
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